Software Integrity

Symantec announces anomaly detection for automotive

Maybe you’re not yet worried about a remote hacker disabling the brakes on your car, but anti-virus vendor Symantec has produced an anomaly detection system for automobiles that doesn’t require OEMs to install new hardware and claims to identify zero-day attacks.

Symantec’s Anomaly Detection for Automotive is a software-based solution which, the company says, learns what normal behavior looks like from Controller Area Network (CAN) bus traffic and identifies anomalous activity that may indicate an attack. The product can provide Deep Packet Inspection of every message and also prioritize incidents based on perceived criticality, with low false-positive rates.

Symantec claims the product's small footprint makes it ideal for deployment on head units, IVN gateways, and On-Board Diagnostic (OBD-II) dongles. The company says “by using advanced machine learning techniques, the solution can automatically discriminate potentially dangerous anomalous messaging behavior from normal behavior. Using machine learning in this way avoids the pain of manually crafting detailed policies.”

Without knowing more, or what specific OEMs have signed on, it would appear to be some sort of heuristic anti-malware solution for the automotive industry.